30, Oct. 2009

Download: Mozilla Firefox 3.5.4

Ακόμη ένα κρίσιμο update είχαμε σήμερα για τον Mozilla Firefox το οποίο και κλείνει ένα πλήθος από security holes.

H νέα έκδοση του Mozilla Firefox 3.5.4 ανέβηκε στο FTP του Mozilla και περιλαμβάνει διορθώσεις κενών ασφαλείας καθώς και αρκετά Bug Fixes τα οποία και είναι τα παρακάτω:

Security Advisories for Firefox 3.5

Impact key:

  • Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
  • High: Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
  • Moderate: Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
  • Low: Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have "High" impact because those are generally used to steal sensitive data intended for other sites.)

Fixed in Firefox 3.5.4

MFSA 2009-64 Crashes with evidence of memory corruption (rv:
MFSA 2009-63 Upgrade media libraries to fix memory safety bugs
MFSA 2009-62 Download filename spoofing with RTL override
MFSA 2009-61 Cross-origin data theft through document.getSelection()
MFSA 2009-59 Heap buffer overflow in string to number conversion
MFSA 2009-57 Chrome privilege escalation in XPCVariant::VariantDataToJS()
MFSA 2009-56 Heap buffer overflow in GIF color map parser
MFSA 2009-55 Crash in proxy auto-configuration regexp parsing
MFSA 2009-54 Crash with recursive web-worker calls
MFSA 2009-53 Local downloaded file tampering
MFSA 2009-52 Form history vulnerable to stealing